Sarbanes-Oxley Compliance (SOX)
SOX 404 and IT
- Risk Assessment. Before the necessary controls are implemented, IT management must assess and
understand the areas of risk affecting the completeness and validity of the financial reports.
- Control Activities. Design, implementation and quality assurance testing teams should be
independent. ERP and CRM systems that collect data, but feed into manual spreadsheets are prone to human error.
The organization will need to document usage rules and create an audit trail for each system that contributes
- Monitoring. Auditing processes and schedules should be developed to address the high-risk areas
within the IT organization. IT personnel should perform frequent internal audits.
The Sarbanes-Oxley Act of 2002 is a United States law that affects the auditing, financial reporting and security of
financial information of publicly traded companies.
Many publicly traded companies have adopted nFront Password Filter to help them ensure better data security by disallowing
weak, easily hacked passwords. Furthermore, nFront Password Filter has features specifically built in based on SOX
requirements such as the default ability to log all rejected passwords (SOX requires that most IT applications and
processes log all failures).